The latest episode covers highlights from the ESET Threat Report H1 2025. Key topics include the rise of the new social engineering technique ClickFix, law enforcement disruptions of major infostealers like Lumma Stealer, and intense infighting among ransomware gangs that even took down the leading group, RansomHub. For the full report and coverage of other recent threats, visit WeLiveSecurity.com.

In this episode, we unpack ESET’s latest APT Activity Report. Highlights include China-aligned UnsolicitedBooker’s persistence, Worok’s tools sharing that makes clear attribution difficult, Russia-aligned Sandworm’s ZEROLOT wiper, and Sednit’s expanded Operation RoundPress. We also touch on North Korea’s financial schemes and Iran-aligned group coordination. For the full report, visit WeLiveSecurity.com.

In this episode, we discuss the findings of the latest ESET Threat Report H2 2024. These include infostealer shakeup; a novel attack vector that works for both Android and iOS devices; and booming numbers of investment HTML/Nomani scams seen on social media. For those who prefer the full “print” version of the report, visit WeLiveSecurity.com to read about other topics it covers.

Neanderthals hunting Mammoths are back. Of course, we’re not talking about technology resurrecting them. No, this episode of our podcast returns to the malicious operation of dozens of cybercriminal groups (Neanderthals) targeting users (Mammoths) on online marketplaces, using a malicious bot Telekopye. Our guests, malware researchers Radek Jizba and Jakub Soucek, discuss the information ESET has gathered about the cybercriminal ecosystem, explain some of the scenarios used by the attackers and map out their expanded hunting grounds. For more information, head to WeLiveSecurity.com.

When describing state-backed threat actors, one would probably expect a sophisticated, stealthy group that avoids all alarms with surgical precision. In contrast, Gamaredon is one noisy, extremely active Russia-aligned group that does not care if defenders uncover its activities. However, it is also an actor that improves its cyberespionage tools and techniques every day. If you want to know more then listen to the debate of ESET Researchers Robert Lipovský and Zoltán Rusnák. For full details go to WeLiveSecurity.com.

Some cybercriminals are sophisticated, cooperate with other attackers and do everything to stay under the radar. Then there are threat actors like CosmicBeetle that lack the necessary skills set, yet still compromise systems and even achieve “stealth” by using odd, impractical and overcomplicated techniques. If you want to know more about this crude and clumsy actor, listen to ESET senior malware researcher Jakub Souček talk about his research findings with our host Distinguished Researcher Aryeh Goretsky. For a detailed report on CosmicBeetle visit WeLiveSecurity.com.

Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code. ESET malware researcher Lukáš Štefanko found an exploit – which ESET named EvilVideo – being sold online. In the discussion with our podcast host ESET Distinguished Researcher Aryeh Goretsky, Štefanko describes which platforms were affected, what malware can be bundled with EvilVideo, and how Telegram reacted to the vulnerability report.

In this episode, ESET Distinguished Researcher Aryeh Goretsky and his guest ESET Principal Threat Intelligence Researcher Robert Lipovsky detail recently discovered unusual adware called HotPage. It caught attention of researchers by using a Microsoft-signed, yet vulnerable, kernel driver to inject and manipulate what victims see in their browsers. With its advanced technical means and targeting of Chinese internet cafes and gamers, it shows that even adware creators can invest extra time and effort to innovate their malicious products.

The I-SOON data leak has allowed us to identify FishMonger, a group notorious for the cyberattacks against Hong Kong universities back in 2019, as I-SOON. This contractor also developed a platform for tracking gambling activity, linking the group to Operation ChattyGoblin. MustangPanda conducted a series of attacks on cargo shipping companies in Norway, Greece, and the Netherlands, even compromising the ships’ systems. Since the Hamas-led attack on Israel in 2023, Iran-aligned groups have shifted focus to impact attacks. Visit WeLiveSecurity to read about other topics covered in the the latest ESET APT Activity Report.

In 2023, ESET detected over 675,000 attempts to access malicious domains abusing the popularity of ChatGPT; some offer bring-your-own-key web apps that can steal OpenAI API keys. Apart from AI, in H2 the Cl0p ransomware gang exploited MOVEit software, causing a staggering $14 billion in damages. The IoT landscape faced the new Pandora botnet, compromising Android devices via malicious firmware updates or pirated content apps.

In this episode, ESET researchers Radek Jizba and Jakub Souček talk the dynamics within and between various Neanderthal groups, techniques these hordes use to find and select the best Mammoths and especially about how Neanderthals teach each other how to use a cybercriminal toolkit called Telekopye to scam unsuspecting users on online marketplaces.

In H1 2023, intrusion vectors were closing left and right, forcing cybercriminals to revisit old routes such as brute-forcing MS SQL servers or distributing (AI-generated?) sextortion and text-based email messages and led a few to kickstart several usury Android apps. But there’s also good news as Emotet botnet went quiet after a month of ineffective campaigning, and Redline stealer has been disrupted by ESET researchers and their friends at Flare systems.

What do Disco, NightClub, backdoors, espionage, and internet service providers in Belarus all have in common? They all are tied to the same MoustachedBouncer. While it sounds like a bad joke, these are some of the key findings of ESET’s latest research focusing on a recently discovered APT group described in this episode by ESET’s Director of Threat Research Jean-Ian Boutin.

Towards the end of 2022, an unknown threat actor posted an ad for a new and powerful UEFI bootkit called BlackLotus. Its most distinctive feature? This malware could bypass UEFI Secure Boot, a feature preventing modern computers from running unauthorized software. What sounded like a myth turned into reality a few months later, when ESET Malware Researcher Martin Smolár found a sample that perfectly matched the description.

What do you need to break into a corporate network? ESET’s latest research suggests that interest in secondhand computer hardware, a bit of time, and $100 is more than enough. In this episode, ESET Specialized Security Researcher Cameron Camp explains to host Aryeh Goretsky what secrets he found on secondhand routers bought online, what types of companies he would be able to penetrate with that information, and how to securely wipe devices before selling them

Since the Russian invasion on February 24, 2022, Ukrainians have had to defend their data against an unprecedented number of data-wiping malware variants. While Russian threat actors seem like the obvious culprit, attributing these attacks to specific groups based on evidence is a different. In this episode, ESET researchers Anton Cherepanov and Robert Lipovský explain to the host Aryeh Goretsky what pointed them to the crucial samples, how they pinned some of the attacks to a Russian cyberactor probably most notorious for NotPetya and Industroyer.

In the last four months of 2022, Russia-aligned APT groups unleashed several instances of data-destroying malware in Ukraine. Android detections grew rapidly, while almost all crimeware categories continued to head South. In this episode of the ESET Research Podcast, our host Aryeh Goretsky and his guest Ondrej Kubovic explore the trends in several of those threat areas, including ransomware, exploits used for initial access, and more.

Let’s say your network access gets shut off from the rest of the world due to a catastrophic event. Whether it is a natural disaster, an armed conflict, a decision of an authoritarian regime or your connection is just squeezed to a trickle by overzealous network restriction and power grid issues; how secure will you be and for how long? In this episode of ESET Research Podcast, Aryeh Goretsky and Cameron Camp look at this scenario and its implications for the cybersecurity of one’s devices.

Looking at the telemetry data from May through August, it seems like cybercriminal scene has taken taking its foot off the pedal in almost every possible area. But what is the reason for the drop? In this episode of ESET Research Podcast, Aryeh Goretsky and Ondrej Kubovic explain potential theories behind the brutal decline in RDP brute-force attacks; changes observed around ransomware messaging and targeting, but they also mention one malware category, where the decline did not apply.

This is an ESET Research Podcast special, recorded at RSA Conference 2022 in San Francisco. In it, ESET’s top machine-learning experts Juraj Jánošík and Filip Mazán are interviewed about the use of artificial intelligence in the industry, and how it compares with the claims presented at the expo and in the talks they’ve seen. In the second part of the episode, ESET Specialized Researcher Cameron Camp offers insights into the security of medical devices, another hot topic of this year’s RSAC.